Automating and securing your CI/CD-pipeline is an important step in creating efficient teams while maintaining a state of comfort amongst the developers by protecting the production environment with tests and tools. Some functionality requires relatively expensive subscriptions or enterprise level features, but there are a lot of alternative recommendations and best practices that you could consider. Let's threat model your CI/CD pipeline to identify threats, mitigations and verifications.